Bitcoin is one of the most popular digital currency in the world. Recently two famous Bitcoin apps, Copay, and BitPay apps have affected with a vulnerability that allows a hacker to steal Bitcoins. It also steals other funds stored on the cryptocurrency wallets. The bug enabled the anonymous hacker to manipulate the apps to load the modified code and gain access to the JavaScript library.
Security researchers believe that the malicious code injection attack targeting the JavaScript library went on for weeks.
In a press release, BitPay said “Currently we have only confirmed that the malicious code was deployed on versions 5.0.2 through 5.1.0 of our Copay and BitPay apps. However, the BitPay app was not vulnerable to the malicious code. We are still investigating whether this code vulnerability was ever exploited against Copay users”.
Once the malicious code was injected into the app, the hacker could steal users’ wallet information, including private keys. The BitPay team has requested its customers to stop running the affected apps on their devices. They have released an updated version – 5.2.0 with the fixed vulnerability.
In a statement, BitPay said “In the meantime, if you are using any Copay version from 5.0.2 to 5.1.0, you should not run or open the app. A security update version (5.2.0) has been released and will be available for all Copay and BitPay wallet users in the app stores momentarily”.
BitPay team also said, “Users should not attempt to move funds to new wallets by importing affected wallets’ twelve-word backup phrases (which correspond to potentially compromised private keys). Users should first update their affected wallets (5.0.2-5.1.0) and then send all funds from affected wallets to a brand new wallet on version 5.2.0, using the Send Max feature to initiate transactions of all funds”.
BitPay advised the users to update their apps as soon as possible to avoid this vulnerability issue.
